Network Security News – Tuesday, April 04, 2006
aWebNews visview.php Multiple Variable XSS
aWebNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'yname', 'emailadd', 'subject', or 'comment' variables upon submission to the visview.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24333
aWebNews login.php user123 Variable SQL Injection
aWebNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'user123' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24334
aWebNews visview.php _GET['cid'] Variable SQL Injection
aWebNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the visview.php script not properly sanitizing user-supplied input to the _GET['cid'] variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24336
aWebNews fpass.php user123 Variable SQL Injection
aWebNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the fpass.php script not properly sanitizing user-supplied input to the 'user123' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24335
Bugzero edit.jsp Multiple Variable XSS
Bugzero contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'entryId' and 'projectId' variables upon submission to the edit.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24329
Bugzero query.jsp msg Variable XSS
Bugzero contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the query.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24328
Bugzero main.jsp msg Variable XSS
Bugzero contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the main.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24331
Bugzero login.jsp msg Variable XSS
Bugzero contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the login.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24330
Bugzero error.jsp error Variable XSS
Bugzero contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the error.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24332
NetBSD if_bridge(4) Function Arbitrary Kernel Memory Disclosure
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when 'ioctl' calls are made on Ethernet bridge interfaces. The operating system's kernel does not fully zero out the temporary stack memory used to hold the results of the 'ioctl' call, which could disclose kernel stack memory to the calling process, resulting in a loss of confidentiality. Read more at osvdb.org/24262
Vuln: MySQL Query Logging Bypass Vulnerability
MySQL Query Logging Bypass Vulnerability. Read more at securityfocus.com/bid/16850
Vuln: PHP Html_Entity_Decode() Information Disclosure Vulnerability
PHP Html_Entity_Decode() Information Disclosure Vulnerability. Read more at securityfocus.com/bid/17296
Vuln: LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/17360
Vuln: Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15102
SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability
SYMSA-2006-002: McAfee WebShield SMTP Format String Vulnerability. Read more at securityfocus.com/archive/1/429812
[ MDKSA-2006:064 ] – Updated MySQL packages fix logging bypass vulnerability
[ MDKSA-2006:064 ] – Updated MySQL packages fix logging bypass vulnerability. Read more at securityfocus.com/archive/1/429772
Re: On product vulnerability history and vulnerability complexity
Re: On product vulnerability history and vulnerability complexity. Read more at securityfocus.com/archive/1/429757
[ MDKSA-2006:062 ] – Updated dia packages fix buffer overflow vulnerabilities
[ MDKSA-2006:062 ] – Updated dia packages fix buffer overflow vulnerabilities. Read more at securityfocus.com/archive/1/429781